Many government entities require a SSAE 16 or require their vendors to perform a SSAE 16. The primary reason for this audit is to ensure appropriate internal controls are in place and functioning as designed. Transparency is critical in these situations. Often times, one government agency will perform a SSAE 16 and other government entities will utilize the same report. For example, if one government entity develops software that will be used by other government entities, the other government entities will require a SSAE 16 on the application, ensuring control are in place and the SDLC process was controlled.